PT-2019-7658 · Neet · Neet Airstream Nas

Luke Turvey

Published

2019-08-08

Updated

2019-08-15

CVE-2016-10862

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Neet AirStream NAS version 1.1

Description The issue concerns a hardcoded password for the root account, which is set to ifconfig. This password cannot be changed through the configuration page, posing a security risk.

Recommendations For Neet AirStream NAS version 1.1, consider changing the root account password manually or through alternative means, as the configuration page does not allow for this change. As a temporary workaround, restrict access to the root account to minimize the risk of exploitation.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2016-10862

Affected Products

Neet Airstream Nas

PT-2019-7658 · Neet · Neet Airstream Nas

CVE-2016-10862

Weakness Enumeration

Related Identifiers

Affected Products

References · 3